Best CA for SSL Certificates

JaredBusch

@WLS-ITGuy said in Best CA for SSL Certificates:

I have set two of my sites to use Let's Encrypt now. I have it set to redirect http to https. I would assume I disable http on the site so that it doesn't allow that traffic, yes?

If you are redirecting, you have no need to disable http. You can of course. But then you also do not need the redirect.

scottalanmiller

Jared is correct, redirection is only a thing if HTTP is up and running.

BRRABill

@WLS-ITGuy said in Best CA for SSL Certificates:

I have set two of my sites to use Let's Encrypt now. I have it set to redirect http to https. I would assume I disable http on the site so that it doesn't allow that traffic, yes?

That is actually a good question.

If you are redirecting, does http need to be open on the firewall, since the original traffic is coming in on it?

scottalanmiller

@BRRABill said in Best CA for SSL Certificates:

@WLS-ITGuy said in Best CA for SSL Certificates:

I have set two of my sites to use Let's Encrypt now. I have it set to redirect http to https. I would assume I disable http on the site so that it doesn't allow that traffic, yes?

That is actually a good question.

If you are redirecting, does http need to be open on the firewall, since the original traffic is coming in on it?

Yes, if HTTP isn't there and working, how can it do the redirect?

BRRABill

@scottalanmiller said in Best CA for SSL Certificates:

@BRRABill said in Best CA for SSL Certificates:

@WLS-ITGuy said in Best CA for SSL Certificates:

I have set two of my sites to use Let's Encrypt now. I have it set to redirect http to https. I would assume I disable http on the site so that it doesn't allow that traffic, yes?

That is actually a good question.

If you are redirecting, does http need to be open on the firewall, since the original traffic is coming in on it?

Yes, if HTTP isn't there and working, how can it do the redirect?

Magic, of course.

NashBrydges

@JaredBusch I setup a cert for a Windows server just this morning using this...

https://github.com/Lone-Coder/letsencrypt-win-simple

Absolutely flawless on initial cert binding and scheduled task creation for renewal. Guess I'll have to wait the 89 days to see if renewal works as easily as the initial setup did.

JaredBusch

@NashBrydges said in Best CA for SSL Certificates:

@JaredBusch I setup a cert for a Windows server just this morning using this...

https://github.com/Lone-Coder/letsencrypt-win-simple

Absolutely flawless on initial cert binding and scheduled task creation for renewal. Guess I'll have to wait the 89 days to see if renewal works as easily as the initial setup did.

Assuming that it works like certbot and the standard LE renew conf files are used, it should renew at 90 days.

JaredBusch

@NashBrydges said in Best CA for SSL Certificates:

@JaredBusch I setup a cert for a Windows server just this morning using this...

https://github.com/Lone-Coder/letsencrypt-win-simple

Absolutely flawless on initial cert binding and scheduled task creation for renewal. Guess I'll have to wait the 89 days to see if renewal works as easily as the initial setup did.

Just looked at that project and realized I looked at it back in December. Not stable enough for my tastes based on reading the pull requests and open issues.

Danp

@JaredBusch said in Best CA for SSL Certificates:

Yeah, Windows just is not there yet. Someone will get a solid application wrote eventually.

Ran across Certify for Windows just now. Anybody tried it yet?

IRJ

@Danp said in Best CA for SSL Certificates:

@JaredBusch said in Best CA for SSL Certificates:

Yeah, Windows just is not there yet. Someone will get a solid application wrote eventually.

Ran across Certify for Windows just now. Anybody tried it yet?

Here's the GitHub page for it.

https://github.com/webprofusion/certify

It looks cool, but I'd be wary to use in anything even close to production. I might try it on a secluded test server, since the project is in alpha.

IRJ

This line on GitHub about the project makes me even more weary:

Time spent on developing Certify is extremely limited. If you have a bug or feature and you can fix the problem yourself please just:

File a new issue
Fork the repository
Make your changes
Submit a pull request, detailing the problem being solved and testing steps/evidence
If you cannot provide a fix for the problem yourself, please file an issue and describe the fault with steps to reproduce. General issues which cannot be easily reproduced are likely to be ignored, sorry!

dafyre

@IRJ said in Best CA for SSL Certificates:

This line on GitHub about the project makes me even more weary:

Time spent on developing Certify is extremely limited. If you have a bug or feature and you can fix the problem yourself please just:

File a new issue
Fork the repository
Make your changes
Submit a pull request, detailing the problem being solved and testing steps/evidence
If you cannot provide a fix for the problem yourself, please file an issue and describe the fault with steps to reproduce. General issues which cannot be easily reproduced are likely to be ignored, sorry!

At least they're up front about expectations.

JaredBusch

@dafyre said in Best CA for SSL Certificates:

@IRJ said in Best CA for SSL Certificates:

This line on GitHub about the project makes me even more weary:

Time spent on developing Certify is extremely limited. If you have a bug or feature and you can fix the problem yourself please just:

File a new issue
Fork the repository
Make your changes
Submit a pull request, detailing the problem being solved and testing steps/evidence
If you cannot provide a fix for the problem yourself, please file an issue and describe the fault with steps to reproduce. General issues which cannot be easily reproduced are likely to be ignored, sorry!

At least they're up front about expectations.

And the rest of it's just boilerplate submit an issue